Function Permissions
Purpose and Scope
Function-level permissions control access to custom functions defined within the Model. These functions can perform actions such as managing bookings, generating invoices, and handling reservations.
Configuring Function Permissions
To configure Function Permissions for a specific privilege, follow these steps:
- Choose the resource name, like the
registerfunction, from the dropdown list. - Alternatively, type the resource name, such as the
registerfunction, directly into the search bar.
- The
icon in the dropdown list indicates Function ressources. - The
icon in the dropdown list indicates Singleton function ressources.
If the Singleton class or its exposed functions don't appear in the permissions dropdown, follow these steps to enable it:
Navigate to the Singleton class in the class section.
Check if the Singleton class is missing any exposed functions.
If there are no exposed functions, add at least one. Here’s an example:
.Save the changes and re-check the permissions dropdown.
If the Singleton class and its exposed functions still don't appear, reload the changes by following the documentation for applying the latest updates.
Now, the Singleton class and its exposed functions should be available for selection, whether it’s the standard class Singleton or the shared one.
Execute Permission
Execute permissions allow the designated privilege to run the function's code 
.
icon on the right, it signifies that the function has been promoted by another privilege. Hover over the privilege name, and clicking on it will redirect you to the privilege promoting the function.
Promote Permission
Promote permissions enable temporary privilege escalation during function execution 
, ensuring the secure performance of critical operations within that function's code without permanently adding privileges.
Upon executing a specific function within a session with a designated privilege, Qodly dynamically integrates the privileges that Promote the function into the session. This temporary elevation allows the function's execution, even when the original session's privilege lacks direct permission for resources in that function code.
After the function concludes, the temporary elevation from the Promote permission is revoked.
Instead, the session experiencing temporary privilege elevation during function execution, will have access to all resource permissions set in each of the promoting privileges.
Refer to the use case of the Promote permission for detailed configuration information.
Describe Permission
Describe permissions provide metadata access for the selected function 
.
Refer to the use case of the Describe permission for detailed configuration information.
Strategies
Max Restriction to Gradual Expansion
To control function execution, the DataStore level is configured exclusively for the Restricted privilege, ensuring that only roles with this privilege can execute functions, thus preventing any unauthorized access.
icon reveals that all functions throughout the model — encompassing DataStore, Dataclasses, Entity selections, and Entities — have the execute permission for the Restricted privilege.
However, to accommodate scenarios where the Agent role needs to execute functions, such as the book function within the roomOptions Entity class, a gradual expansion involves adding the book function resource and checking the execute permission.
In this context, the bookRoom privilege overrides function permissions set at the DataStore level (Restricted).
Full Access to Gradual Restriction
If no Execute permission is set at any level, it grants full access to all functions defined throughout the Model. Gradual restriction involves using other privileges to restrict specific function execution, as seen in the Employee DataClass, where the register() function execution is restricted to specific privileges.
Promote Permission Use Case
Scenario Overview
In a travel agency's system, dynamic pricing analysis recalculates travel package prices based on demand, seasonal trends, and competitor pricing. Key roles include:
The
Sales Managerrole fully controls Read access to thePricingDataclass, including the execution of its functions (Dataclass functions, entity functions, and entity selection functions), such as theanalyzePricingfunction, to ensure confidentiality.Although the
Agentrole is restricted from accessing thePricingDataclass, there are specific scenarios where theAgentmay need to utilize theanalyzePricingfunction to conduct a pricing analysis in response to special requests.
Promote Permission Configuration
If an Agent receives a special request, they need Execute permission for the analyzePricing function to generate a customized pricing quote. This allows users with the Agent role to directly execute the function.
However, due to restricted access to the Pricing Dataclass limited to the Sales Manager role:
Executing the function code attempting to Read data from it would result in a No permission to read for the Pricing dataclass error.
Therefore, It becomes essential to include Promote permission for the analyzePricing function within the ManageFinancials privilege:
icon indicates that the function has been promoted by another privilege. Hover over the privilege name, and clicking on it will direct you to the privilege promoting the function.This configuration explicitly specifies that when the analyzePricing function is executed within a session holding the Agent role, which lacks permission for the Pricing resource, it temporarily integrates the ManageFinancials privilege into that session during function execution. This temporary elevation allows the function to be executed without granting permanent access.
Add the Execute permission in the privilege associated with the role that needs to directly perform the function. Meanwhile, the Promote permission is configured in the privilege that grants broader control over the resources involved in the function, providing a temporary elevation of privileges during the function's execution.
Describe Permission Use Case
The Describe permission gives a privilege the ability to gather metadata about the structure and attributes of Dataclasses.
Scenario Overview
In this scenario, the Describe permission is restricted to privilege A for the metadata of the Pricing Dataclass:
This limitation means that only privilege A is allowed to read the metadata associated with the Pricing Dataclass, covering Dataclass functions, Entity functions, and Entity Selection functions.
Consequence of Limited Permission
Despite privilege B having the necessary permissions to execute the function, and the function being promoted, an error is triggered:
This error results from the absence of the Describe permission for the Pricing Dataclass within privilege B:
This prevents it from retrieving crucial metadata, including the Dataclass name. Consequently, it fails to recognize the existence of the Pricing Dataclass and, by extension, the associated function during execution.
Solutions
Solution 1: Granting Describe Permission
To address this issue, grant privilege B the necessary Describe permission for the Pricing Dataclass. This permission allows privilege B to access metadata, including the Dataclass name and its functions, enabling the successful execution of functions within the Pricing Dataclass.
Solution 2: Higher Permission Level
If Describe permission is configured for total confidentiality, and privilege B shouldn't have access to it, then all functions must have a higher permission level than the restricted resource - the Pricing Dataclass.
To overcome these limitations, place the function in the DataStore function and update the function appointed to privilege B, displaying ds.analyzePricing instead of Pricing.analyzePricing:
The DataStore has a higher permission level than any individual Dataclass.
Likewise, if you aim to restrict the Describe permission for the Price Attribute in the Pricing Dataclass, place the function either in the Pricing Dataclass function or the DataStore function:
The Dataclass has a higher permission level than its Properties.